Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Handling the 0-day Excel Vulnerability

At the end of February Microsoft released information about an exploit against multiple versions of Excel (2000 through to 2007 on Windows, and 2004 and 2008 on OS X, Open XML File Converter for Mac, Excel Viewer 2003). This exploit has been found in the wild and it has been considered important enough for Microsoft to issue a security advisory for the previously undisclosed vulnerability. Like many prior serious vulnerabilities in document formats that have attracted out-of-band attention from Microsoft it has originated from an exploit being used in targeted attacks against a small number of targets.

Microsoft recommend using the Microsoft Office Isolated Conversion Environment to pre-process suspect files before opening them. Doing so mitigates against the attack, however it does mean that Office 2003 and earlier files that are processed will lose their macro functionality and that DRM/password protected files can not be converted. This is only an option if Office 2003 or 2007 are in use. Likewise, setting FileOpenBlock as per the mitigation recommended by Microsoft means that Office 2003 and 2007 users will not be able to open Office 2003 and earlier files unless they are present in a defined exempt directory. Both methods of mitigation result in Excel only opening the newer XML file formats, not the older binary Office file format.

According to the Security Research & Defense team, this is the first time that an exploit has been discovered that can run code on Office 2007. It seems that the exploit code is explicitly designed to target Office 2007 in use on Windows XP, while it most likely would result in a denial of service via application crash in the other listed versions of Office / Excel. The exploit is also targeting the now-legacy binary Office file format and hasn't been discovered in Office's new XML-based format, hence the recommended mitigation which ensures conversion to the newer format and which blocks the opening of older file formats.

1 March 2009

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.